Default Security of Active Directory Objects
The default security descriptor for an Active Directory object is specified in the schema. Essentially there are two segments to the default Active Directory security configuration or default access rights granted.
Initial security for all objects created while installing Active Directory.
Default security for objects created after installing Active Directory.
For information about the default security descriptors for Active Directory objects, see the Microsoft Platform SDK link on the Web Resources page at https://windows.microsoft.com/windows2000/reskit/webresources . For information about permissions and security descriptors, see "Access Control" in this book.
.gif "note-icon")
Note
There are special cases where default security is not applied on newly created objects. For more information about these situations, see the Microsoft Platform SDK link on the Web Resources page at https://windows.microsoft.com/windows2000/reskit/webresources .